This invention relates to systems and methods for authenticating transactions using a mobile device based primarily on the introduction of a layer of middleware and wherein the Payment Networks, Merchants, Issuing Banks, Credit Reporting Bureaus, Insurance Companies, Healthcare Providers may customize the implementation of the services based on individual strategy and consumer preferences.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
3. The computer-implemented method of claim 1, wherein the purchase confirmation request message is an SMS message.
4. The computer-implemented method of claim 1, wherein the purchase confirmation request message is a push message.
5. The computer-implemented method of claim 1, wherein the registered mobile device is used as a basis for dual-factor authentication.
6. The computer-implemented method of claim 1, wherein the payment account number is one of a credit card, a debit card, a gift card, an ATM card, and an alternative payment account number.
7. The computer-implemented method of claim 1, wherein the fraud control rule is implemented in accordance with a cardholder defined setting to automatically cancel the payment transaction based on one or more characteristics of the payment transaction, wherein the one or more characteristics of the payment transaction include unique identifying information about the merchant to determine that the merchant is a prohibited merchant; and wherein a reversal transaction is generated by the fraud control computing system and sent to a payment network associated with the payment account number.
This invention relates to fraud control in payment transactions, specifically addressing the problem of unauthorized or fraudulent transactions involving prohibited merchants. The method involves a fraud control computing system that automatically cancels a payment transaction based on predefined rules set by the cardholder. These rules evaluate transaction characteristics, including unique merchant identifiers, to detect prohibited merchants. When such a merchant is identified, the system generates a reversal transaction and sends it to the payment network linked to the payment account number, effectively canceling the transaction. The system ensures that transactions with restricted or blacklisted merchants are automatically blocked, enhancing security and preventing financial losses for cardholders. The solution leverages real-time transaction analysis and automated reversal mechanisms to mitigate fraud risks without manual intervention.
8. The computer-implemented method of claim 1, wherein the fraud control rule is implemented in accordance with a cardholder defined setting to automatically approve the payment transaction based on one or more characteristics of the payment transaction, and wherein the one or more characteristics of the payment transaction include unique identifying information about the merchant to determine that the merchant is not a prohibited merchant.
This invention relates to fraud control systems for payment transactions, specifically addressing the challenge of automatically approving transactions while ensuring compliance with cardholder-defined rules. The method involves implementing a fraud control rule based on cardholder preferences to automatically approve a payment transaction, provided certain transaction characteristics are met. These characteristics include unique identifying information about the merchant, which is used to verify that the merchant is not on a prohibited list. The system evaluates transaction details such as merchant identity to determine approval eligibility, enhancing security while reducing manual review for trusted transactions. The approach allows cardholders to customize fraud control settings, ensuring transactions are processed efficiently while mitigating risks associated with unauthorized or high-risk merchants. The solution integrates real-time merchant verification into the approval process, improving transaction speed and accuracy. By leveraging predefined cardholder rules and merchant data, the system automates decision-making, reducing fraud exposure and operational overhead. The method ensures that only transactions meeting the cardholder's criteria, including merchant legitimacy, are approved without additional intervention. This enhances user trust and system reliability in payment processing.
9. The computer-implemented method of claim 1, wherein the purchase confirmation reply message is approved by the consumer via the registered mobile device using a biometric factor of the consumer wherein the biometric factor is validated by the registered mobile device.
10. The computer-implemented method of claim 1, wherein the purchase confirmation reply message is approved by the consumer via the registered mobile device using a biometric factor of the consumer wherein the biometric factor is validated by a host computer of the fraud control computing system.
11. The computer-implemented method of claim 2, wherein the payment account number is registered in the database of the fraud control computing system by the consumer prior to the payment transaction; and wherein during payment account registration the consumer sets each of a purchase limit, a daily limit, an approved merchant, and a prohibited merchant.
12. The computer-implemented method of claim 1, wherein the registered mobile device comprises a secure token; and wherein the secure token is issued to the registered mobile device prior to processing the payment transaction.
13. The computer-implemented method of claim 12, wherein the secure token is issued to the registered mobile device by a third-party token validation service.
14. The computer-implemented method of claim 1, wherein the registered mobile device comprises an encryption application which is certified on the registered mobile device; the registered mobile device further comprising a secure token which is not associated with the encryption application; wherein the secure token is implemented as a compensating control for encryption.
This invention relates to secure data processing in mobile devices, specifically addressing the challenge of ensuring data encryption compliance when a device lacks native encryption capabilities. The method involves a registered mobile device equipped with a certified encryption application, which may not be sufficient alone to meet security standards. To compensate, the device includes a separate secure token that operates independently of the encryption application. This token serves as a compensating control, providing additional security measures to ensure data encryption compliance. The secure token may include hardware-based security features, such as a trusted platform module (TPM) or a secure enclave, to enhance protection. The encryption application and secure token work together to enforce encryption policies, even if the device's operating system or hardware does not natively support full encryption. This approach allows organizations to use mobile devices that would otherwise fail compliance checks by supplementing their security with the secure token. The method ensures that sensitive data remains encrypted, meeting regulatory and organizational security requirements.
15. The computer-implemented method of claim 12 wherein the purchase confirmation reply message comprises the secure token; the secure token indicating that the consumer has approved the payment transaction using the registered mobile device comprising the secure token.
This invention relates to secure payment transactions using mobile devices. The problem addressed is ensuring secure and authenticated payment approvals in digital transactions, particularly where fraud or unauthorized access is a risk. The solution involves generating and using a secure token to verify that a consumer has authorized a payment via their registered mobile device. The method involves a payment transaction initiated by a consumer, where a purchase confirmation request is sent to the consumer's registered mobile device. The device generates a secure token, which is a unique cryptographic identifier linked to the transaction and the consumer's approval. This token is then included in a purchase confirmation reply message sent back to the payment system. The secure token serves as proof that the consumer has explicitly authorized the payment using their registered device, enhancing security and reducing fraud risk. The secure token is generated by the mobile device in response to the purchase confirmation request, ensuring that only the registered device can produce a valid token for the transaction. The token may include transaction details, device authentication data, or other security features to prevent tampering or unauthorized use. The payment system verifies the token to confirm the transaction's legitimacy before processing the payment. This approach improves trust in mobile payment systems by providing a tamper-evident approval mechanism.
16. The computer-implemented method of claim 15 wherein the secure token is validated by a third-party token validation service.
A system and method for secure token validation in digital transactions involves verifying the authenticity and integrity of a secure token using a third-party token validation service. The secure token is generated by a token generation system and includes encrypted data representing transaction details, user authentication credentials, or other sensitive information. The token is transmitted to a receiving system, which then sends the token to a third-party validation service for verification. The validation service checks the token's cryptographic signature, expiration date, and other security features to confirm its validity. If the token is valid, the validation service returns a confirmation to the receiving system, allowing the transaction to proceed. If the token is invalid, the validation service returns an error, and the transaction is rejected. This method ensures that only legitimate tokens are processed, preventing unauthorized access or fraudulent transactions. The third-party validation service operates independently of the token generation and receiving systems, providing an additional layer of security by removing potential conflicts of interest or vulnerabilities in the validation process. The system may also include additional security measures, such as multi-factor authentication or biometric verification, to further enhance protection against unauthorized access.
17. The computer-implemented method of claim 2, wherein the fraud control computing system further comprises a PIN repository operable to store an alternate PIN related to the payment account number; wherein the alternate PIN is not the cardholder's physical PIN; wherein the alternate PIN is inserted by the fraud control computing system into the payment data prior to forwarding the payment transaction to a PIN debit payment account issuer.
18. The computer-implemented method of claim 12, wherein the secure token is inserted into the payment data by the fraud control computing system prior to routing the payment transaction to a payment account issuer.
19. The computer-implemented method of claim 9, wherein the biometric factor is a geometric facial scan of the consumer.
A computer-implemented method for biometric authentication uses a geometric facial scan of a consumer to verify identity. The method involves capturing a three-dimensional geometric representation of the consumer's face, which includes spatial measurements of facial features such as distances between key points, angles, and contours. This geometric data is then compared against a stored reference profile to determine a match. The method may also incorporate additional biometric factors, such as voice recognition or fingerprint scans, to enhance security. The system processes the facial scan data using algorithms that analyze geometric relationships between facial landmarks to ensure accuracy and resistance to spoofing attempts. The method is designed for applications in secure access control, financial transactions, or identity verification, where high accuracy and reliability are critical. The geometric facial scan provides a robust alternative to traditional two-dimensional facial recognition, reducing false positives and improving authentication performance in varying lighting conditions or partial occlusions. The system may also include steps to preprocess the scan data, such as noise reduction or feature extraction, to optimize matching efficiency. The method ensures real-time processing and minimal latency, making it suitable for high-throughput environments like banking or border control.
20. The computer-implemented method of claim 9, wherein the biometric factor is a finger print of the consumer.
21. The computer-implemented method of claim 10, wherein the biometric factor is a voice print of the consumer.
23. The non-transitory computer-readable medium comprising computer-executable instructions of claim 22, wherein the registered mobile device is used as a basis for dual-factor authentication.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 18, 2019
November 15, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.